TL;DR: I have a Mikrotik mAP acting as an L2TP/IPsec client in the field. It connects home to the "site network", which is a SoftEther VPN server behind a DD-WRT router.
The aim is a client-to-site / road-warrior configuration.
The set-up is 90% working.
- Everything on the client (mAP) network CAN ping the site-network devices over the VPN.
- NOTHING on the site-network side can ping the devices behind the mAP over the VPN.
I have tried exhaustively to alter firewall rules, enable fast path (which helped make the mAP's VPN IP pingable), and tweak my mangle rules. I'm new to Mikrotik and even to layer-3-and-up networking, so it is probably something easy, but what am I missing?
Thanks in advance!
Environment:
Site: 10.10.2.0/24
Site RTR: 10.10.2.1
Site VPN Server (Softether): interface bound to: 10.10.2.12
Site Workstation: 10.10.2.10
Client Side:
Client Network: 10.10.100.0/24
Mikrotik miniAP: 10.10.100.1
Client Workstation: 10.10.100.50
VPN: L2TP/IPSEC w/ pre-shared key
Client-to-Site
The VPN works. The Mikrotik mAP gets the IP 10.10.2.39 as a client device, and the client-side workstation CAN ping everything on the site side.
What DOES NOT WORK: devices on the site side cannot ping devices on the 10.10.100.0/24 network.
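The asymmetry in the post (client to site works, site to client does not) is what a routing-table trace makes visible: the return packet has to find its way from a site host to 10.10.100.0/24, and nothing on the site LAN has been told that this prefix sits behind 10.10.2.39. The script below is an added example and not part of the original post or of any Mikrotik/SoftEther/DD-WRT code; the routing tables it uses are constructed from the addresses the post gives and are an assumption about what the real devices hold. The "fix" it models (a static route for 10.10.100.0/24 via 10.10.2.39 on the site router) is likewise a hypothesis to check, not something the post confirms.

```python
"""Route-lookup trace for the client-to-site topology in the post.

Added example, not from the original post. The routing tables below are
constructed from the addresses the post gives; they are an assumption
about what each device's table looks like, not a dump of the real devices.
"""
from ipaddress import ip_address, ip_network

CONNECTED = "connected"   # next-hop marker: destination is on a local link
WAN = "WAN"               # next-hop marker: default route off the site LAN


def build_devices(site_router_has_return_route=False):
    """Return {device: (set_of_own_addresses, routing_table)}.

    A routing table is a list of (prefix, next_hop). The L2TP/IPsec tunnel
    is modelled as a directly connected 10.10.2.0/24 on the mAP, which is
    how the mAP ends up holding 10.10.2.39 (assumption, see module doc).
    """
    site_rtr = [("10.10.2.0/24", CONNECTED), ("0.0.0.0/0", WAN)]
    if site_router_has_return_route:
        # Hypothetical fix: tell the site router where 10.10.100.0/24 lives.
        site_rtr.insert(0, ("10.10.100.0/24", "10.10.2.39"))
    return {
        "site-ws":   ({"10.10.2.10"},
                      [("10.10.2.0/24", CONNECTED), ("0.0.0.0/0", "10.10.2.1")]),
        "site-rtr":  ({"10.10.2.1"}, site_rtr),
        "mAP":       ({"10.10.100.1", "10.10.2.39"},
                      [("10.10.100.0/24", CONNECTED),
                       ("10.10.2.0/24", CONNECTED),     # via the L2TP tunnel
                       ("0.0.0.0/0", WAN)]),
        "client-ws": ({"10.10.100.50"},
                      [("10.10.100.0/24", CONNECTED), ("0.0.0.0/0", "10.10.100.1")]),
    }


def lookup(table, dst):
    """Longest-prefix match; returns the next hop, or None if no route."""
    dst = ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def owner(devices, ip):
    """Which modelled device holds this address (None if nobody does)."""
    for name, (addrs, _) in devices.items():
        if ip in addrs:
            return name
    return None


def trace(devices, src, dst, max_hops=8):
    """Hop-by-hop forwarding from the src device to the dst address.

    Returns (path, delivered). The path ends in "WAN" when a hop hands the
    packet to its default gateway off the LAN, or "unreachable" when a hop
    believes the destination is on-link but no modelled device holds it.
    """
    path, current = [src], src
    for _ in range(max_hops):
        addrs, table = devices[current]
        if dst in addrs:
            return path, True
        next_hop = lookup(table, dst)
        if next_hop is None or next_hop == WAN:
            return path + [WAN if next_hop == WAN else "unreachable"], False
        target = owner(devices, dst if next_hop == CONNECTED else next_hop)
        if target is None:
            return path + ["unreachable"], False
        path.append(target)
        current = target
    return path + ["loop"], False


if __name__ == "__main__":
    plain = build_devices()
    print("forward:          ", trace(plain, "client-ws", "10.10.2.10"))
    print("return:           ", trace(plain, "site-ws", "10.10.100.50"))
    print("return with route:", trace(build_devices(True), "site-ws", "10.10.100.50"))
```

The model deliberately ignores firewalls and NAT, so it only covers the routing half of the check. Two further things a practitioner would verify on the mAP, which the post does not settle either way: the forward chain has to accept traffic that enters on the L2TP interface and leaves toward the LAN bridge, and the mAP must not be masquerading LAN traffic out of the tunnel, since site hosts would then only ever see 10.10.2.39 and could not address 10.10.100.x directly. Whether the return route is better placed on the DD-WRT router, on the SoftEther server, or on each site host is a design choice the trace does not make for you; it only shows which hop currently drops the packet.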